﻿using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

var createEncryptionCertificate = new Action<string>(p =>
{
    using var algorithm = RSA.Create(keySizeInBits: 2048);

    var subject = new X500DistinguishedName("CN=Pisen");
    var request = new CertificateRequest(subject, algorithm, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.KeyEncipherment, critical: true));

    var certificate = request.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(99));

    File.WriteAllBytes(p, certificate.Export(X509ContentType.Pfx, string.Empty));
});

var createSigningCertificate = new Action<string>(p =>
{
    using var algorithm = RSA.Create(keySizeInBits: 2048);

    var subject = new X500DistinguishedName("CN=Pisen");
    var request = new CertificateRequest(subject, algorithm, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    request.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, critical: true));

    var certificate = request.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddYears(99));

    File.WriteAllBytes(p, certificate.Export(X509ContentType.Pfx, string.Empty));
});


createEncryptionCertificate("encryption-certificate.pfx");
createSigningCertificate("signing-certificate.pfx");



